search

devongovett / exif-reader

A small EXIF image metadata reader
MIT License
145 stars 22 forks source link

When there is damaged Exif header - it causes out of memory #10

Closed uldisv closed 4 years ago

uldisv commented 6 years ago

If Exif offsets happen to be random garbage - package tries to split at those random positions without validation. This will cause "Out Of Memory" error and process stop node itself.

I'd suggest as first command in readTag function add validation of abnormal valueOffset and numValues:

function readTag(buffer, offset, bigEndian) {
...
    // Prevent damaged Exif data to cause Out Of Memory
    if (valueOffset >= buffer.length || numValues > 1000000 || valueOffset + numValues * valueSize >= buffer.length)
      throw new Error("Damaged Exif data");

numValues > 1000000 (just assumed very large number) - but without this check - last comparsion may not always work - it can rollower.

Attached damaged header Exif information damaged_header.zip

papandreou commented 6 years ago

Should be fixed by https://github.com/devongovett/exif-reader/pull/5

lovell commented 4 years ago

v1.0.3 now available, thanks for reporting.